Twitter accounts hacked, Twitter Counter steps forward as culprit

Twitter Counter, a third-party analytics service, appears once again to have provided a gateway for hackers to post messages to high-profile Twitter accounts.

An unlikely number of Twitter users suddenly learned to speak Turkish on Wednesday, posting an inflammatory message in the language replete with Nazi swastikas.

Among those posting the message were the Twitter accounts of Forbes magazine, the Atlanta Police Department, and Amnesty International, one of the few hacked accounts one might expect to speak Turkish.

Fears that these accounts had all been hacked were quickly allayed, when Twitter identified a third-party app as being to blame.

“We are aware of an issue affecting a small number of account holders this morning. Our teams worked at pace and took direct action. We quickly located the source which was limited to a third party app. We removed its permissions immediately. No additional accounts are impacted,” a Twitter spokesman said via email.

It’s usually hard to measure the impact of such hacktivist attacks, but counting the consequences may be easier this time around. Although Twitter did not name the app involved, the independent Twitter Counter service soon outed itself.

“We’re aware that our service was hacked and have started an investigation into the matter. We’ve already taken measures to contain such abuse,” the company tweeted.

Assuming that the abuse was going through its system, it said, “We’ve blocked all ability to post tweets and changed our Twitter app key.”

A Twitter Counter spokesman referred questions to the company’s CEO, Omer Ginor, who did not immediately respond to a request for comment.

It’s barely four months since Twitter Counter was last hacked, an attack that resulted in postings to high-profile accounts including those of Playstation, Viacom, Xbox, Charlie Sheen and Lionel Messi, the company said at the time.

“The attackers used a mechanism to hack the cookies used by the website, so that they can, one by one, make the system believe they’re logged in as a specific user and therefore be able to take the actions we allow users to take on our site, such as posting,” Ginor said in his analysis of the incident that took place last November.

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.